Cookie Problems with WebKit Browsers

jlbprof's Avatar, Join Date: Oct 2008
Newbie Member
Oops forgive me I tried to post this to the tutorials section did not realize that it was read only.

Howdy, new to the forum and desperate for some help.

I am having trouble using session cookies with web browsers based on WebKit, specifically Safari, iPhone and Android (although it seems to work on Chrome).

I am targetting this discussion to Safari (on Windows), because I do not have any tools to intercept the iPhone or G1 Android requests/responses.

Our website is all https and it seems to play a part in this.

I setup a proxy to watch what is happening between the server and the browser.

When the user brings up our login screen enters the username and password, we issue a cookie that identifies the session. Then we issue an html response that does a meta refresh to another url, also on our domain. The browser does not issue the cookie back to us so we cannot establish session.

Here is what we sent out as a response to the login screen:

Code:
HTTP/1.1 200 OK
Server: Sun-ONE-Web-Server/6.1
Date: Thu, 23 Oct 2008 13:53:51 GMT
Content-type: text/html; charset=ISO-8859-1
Set-cookie: ePN_SID_main=20081023085351_135131; domain=eprocessingnetwork.com; path=/rsc/; secure
Transfer-encoding: chunked
  
<HTML>
<HEAD>
<META http-equiv="refresh" content="0; URL=https://www.eprocessingnetwork.com/rsc/index.pl">
</HEAD>
</HTML>
Here is the request from the meta refresh

Code:
GET /rsc/index.pl HTTP/1.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/525.19 (KHTML, like Gecko) Version/3.1.2 Safari/525.21
Accept-Encoding: gzip, deflate
Referer: https://www.eProcessingNetwork.com/rsc/index.pl
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: en-US
Connection: keep-alive
Proxy-Connection: keep-alive
Host: www.eprocessingnetwork.com
As you can see it does not send the cookie back to us.

Now this is the settings for Safari



Here is what the cookies look like:



If I make a change in the preferences from "Only from sites you navigate to" to "Always" it works.

This shows me that there is a problem with this cookie, but for the life of me I and my colleagues cannot figure out what it its.

Do you see any problem with this cookie and the way it is formatted?

Thanx

Julian
0
akshits's Avatar, Join Date: May 2009
Go4Expert Member
What is thise ??